5 - Unit-4-Data-Encryption

The document provides an overview of data encryption, including its definition, purpose, and various standards such as AES, RSA, and ECC. It categorizes encryption techniques into symmetric, asymmetric, hybrid, and homomorphic encryption, and discusses the importance of hash functions. Additionally, it outlines three primary encryption approaches: encryption at rest, in transit, and end-to-end encryption.

Uploaded by

rohitbaghel1222

DATA ENCRYPTION: STANDARDS, TYPES AND APPROACHES

AGENDA

• Data encryption standards
• Types of data encryption
• Data encryption approaches
DATA ENCRYPTION STANDARDS

DEFINITION

Data encryption is the process of converting information into a form that is unintelligible to unauthorized individuals, known as ciphertext, to protect its confidentiality and integrity.
• Involves applying an algorithm or mathematical transformation
• Is typically applied to files, messages, or other digital content
• Uses a secret key, a unique parameter, to scramble the data
ILLUSTRATION

Plaintext: Here is my data!
  → Encrypt (public key) →
Ciphertext: 78_86u#NHgEL-r7ScLPYOuGcr!
  → Decrypt (private key) →
Plaintext: Here is my data!
PURPOSE

• To ensure that sensitive or confidential information remains secure, even if it falls into the wrong hands or is intercepted during transmission.
• To make it extremely difficult for unauthorized individuals to decipher the information, as they lack the appropriate decryption key.

Typical use cases (diagram labels): Secure Communication Channels, Protected Personal Information, Data Storage, Online Transactions
DATA ENCRYPTION STANDARDS

Several standards are widely used in data encryption to ensure secure and standardized cryptographic operations.

• Advanced Encryption Standard (AES)
• RSA
• Diffie-Hellman Key Exchange
• Elliptic Curve Cryptography (ECC)
• Triple Data Encryption Standard (3DES)
ADVANCED ENCRYPTION STANDARD (AES)

AES is a symmetric key encryption algorithm widely used for securing sensitive data. It was selected as the standard encryption algorithm by the U.S. National Institute of Standards and Technology (NIST) in 2001, replacing the aging Data Encryption Standard (DES).

• Operates on blocks of data, typically 128 bits in length
• Uses a symmetric key for both encryption and decryption
• Supports key lengths of 128, 192, and 256 bits, offering different levels of security
• The core of AES is the Substitution-Permutation Network (SPN)
RSA (RIVEST-SHAMIR-ADLEMAN)

In RSA, each participant generates a pair of keys: a public key and a private key. The public key is openly shared and used for encryption, while the private key is kept secret and used for decryption or digital signature generation. The security of RSA relies on the computational difficulty of factoring large numbers into their prime factors.
DIFFIE-HELLMAN KEY EXCHANGE

Diffie-Hellman Key Exchange is a cryptographic protocol that allows two parties to establish a shared secret key over an insecure communication channel without prior knowledge of each other's keys. It is a fundamental component of modern secure communication.
• Provides a method for secure key establishment
• Ensures that two parties can agree on a shared secret key without transmitting the key itself
• Based on the computational difficulty of solving the discrete logarithm problem
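The exchange described above, as an added example that is not part of the original slides. The group parameters (p = 23, q = 11, g = 4) are constructed so the numbers stay readable; p is a safe prime and g generates the subgroup of prime order q, which is what allows the receiver to validate the peer's public value before using it. Real deployments use standardised groups of at least 2048 bits. The function names are this example's own.

```python
import hashlib
import secrets

# Constructed toy parameters: p is a safe prime (p = 2q + 1) and g generates the
# subgroup of prime order q. Real deployments use standardised groups of at least
# 2048 bits (for example the RFC 3526 / RFC 7919 groups).
P = 23
Q = 11
G = 4


def generate_private_key(q: int = Q) -> int:
    """Random private exponent in [1, q-1]; fresh for every session."""
    return 1 + secrets.randbelow(q - 1)


def public_value(private: int, p: int = P, g: int = G) -> int:
    """The only thing each side sends over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def shared_secret(peer_public: int, private: int, p: int = P, q: int = Q) -> int:
    """Raise the peer's public value to our private exponent: (g^b)^a == (g^a)^b mod p.

    The range and subgroup checks reject degenerate values (0, 1, p-1 and anything
    outside the order-q subgroup); accepting them would let a tampered message force
    a predictable secret."""
    if not 1 < peer_public < p - 1 or pow(peer_public, q, p) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)


def derive_key(secret: int, p: int = P) -> bytes:
    """Never use the raw DH output directly as a key; hash it into a fixed-size key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def run_exchange(p: int = P, q: int = Q, g: int = G) -> dict:
    """Full exchange between two parties; returns what an eavesdropper sees plus both keys."""
    a, b = generate_private_key(q), generate_private_key(q)
    A, B = public_value(a, p, g), public_value(b, p, g)      # transmitted in the clear
    key_a = derive_key(shared_secret(B, a, p, q), p)          # computed by party A
    key_b = derive_key(shared_secret(A, b, p, q), p)          # computed by party B
    return {"on_the_wire": (p, g, A, B), "key_a": key_a, "key_b": key_b}


if __name__ == "__main__":
    result = run_exchange()
    print("observable on the wire:", result["on_the_wire"])
    print("keys match:", result["key_a"] == result["key_b"])
```

Everything an observer sees is in `on_the_wire`; recovering either private exponent from it is the discrete logarithm problem, which is trivial for p = 23 and infeasible for a 2048-bit group. The subgroup check in `shared_secret` is the detail most often omitted in teaching code.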
ELLIPTIC CURVE CRYPTOGRAPHY

ECC is a type of asymmetric key encryption algorithm that offers strong security with relatively shorter key lengths compared to traditional encryption algorithms like RSA.
• Based on the mathematics of elliptic curves over finite fields and provides a high level of security with efficient computation
• Widely used in various applications, including SSL/TLS for secure web communication, secure messaging protocols, digital signatures, and secure key exchange mechanisms
• Well-suited for resource-constrained devices like mobile phones or Internet of Things (IoT) devices
TRIPLE DATA ENCRYPTION STANDARD

3DES, also known as Triple DES or TDEA, is a symmetric key encryption algorithm that enhances the security of the original Data Encryption Standard (DES) algorithm. It applies the DES algorithm multiple times in succession to provide stronger encryption.

• The data is encrypted using Key 1, decrypted using Key 2, and finally encrypted again using Key 3. This three-stage process provides greater security by effectively tripling the key length.
TYPES OF DATA ENCRYPTION

TYPES OF DATA ENCRYPTION TECHNIQUES

There are several types of data encryption techniques used to secure data. Here are some common types:

• Symmetric Encryption
• Asymmetric Encryption
• Hybrid Encryption
• Homomorphic Encryption
• Hash Functions
SYMMETRIC VS ASYMMETRIC

Symmetric Encryption:
• The same key for both encryption and decryption processes
• The key is shared between the sender and the recipient
• One key per session
• DES, AES and 3DES

Asymmetric Encryption:
• Uses a pair of mathematically related keys
• The public key is used for encryption
• The private key is used for decryption
• RSA and ECC
HASH FUNCTIONS

Hash functions play a crucial role in data encryption and data security, although they are not encryption algorithms themselves. A hash function is a mathematical function that takes an input (data) and produces a fixed-size output called a hash value or digest.
They are used for:
• Data Integrity
• Password Storage
• Digital Signatures
• Data Structures

While hash functions provide data integrity and other security benefits, they are not reversible. Once data is hashed, it cannot be feasibly reversed to obtain the original input.
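An added example (not from the slides) showing the properties above with Python's standard library: the fixed-size digest, the avalanche effect, a constant-time integrity check, and password storage done as a salted, deliberately slow PBKDF2 derivation rather than a bare hash. SHA-256 and PBKDF2-HMAC are real stdlib functions; the helper names and the `pbkdf2_sha256$...` storage format are this example's own.

```python
import hashlib
import hmac
import secrets


def digest_hex(data: bytes) -> str:
    """Fixed-size output (32 bytes, 64 hex characters) whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bits that differ between two digests (the 'avalanche effect')."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Data integrity: recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest_hex(data), expected_hex)


def hash_password(password: str, salt=None, iterations: int = 600_000) -> str:
    """Password storage: a per-user random salt and a slow KDF, never a plain SHA-256.

    The salt defeats precomputed tables; the iteration count makes each guess costly."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"   # constructed storage format


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; the stored value itself
    cannot be reversed, which is exactly why this is a one-way function's job."""
    _algo, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    d1 = bytes.fromhex(digest_hex(b"Here is my data!"))
    d2 = bytes.fromhex(digest_hex(b"Here is my data?"))
    print("one changed byte flips", differing_bits(d1, d2), "of 256 digest bits")
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("verify:", verify_password("correct horse battery staple", record))
```

`hmac.compare_digest` is used for both comparisons so that the time taken does not depend on how many leading bytes match.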
HYBRID ENCRYPTION

In hybrid encryption, the best of both symmetric and asymmetric encryption is utilized. The process typically involves the following steps:

1. Key Generation: The recipient generates a key pair consisting of a public key and a private key. The public key is shared with the sender, while the private key is kept secret.
2. Session Key Generation: The sender generates a random symmetric session key specifically for the current communication or data transfer.
3. Encryption: The sender encrypts the actual data using the session key with a symmetric encryption algorithm. This ensures efficiency and speed.
4. Key Encryption: The sender encrypts the session key using the recipient's public key with an asymmetric encryption algorithm. This ensures the session key remains secure during transmission.
5. Transmission: The encrypted session key and the encrypted data are sent to the recipient.
6. Decryption: The recipient uses their private key to decrypt the session key.
7. Data Decryption: The recipient uses the decrypted session key to decrypt the actual data.
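The seven steps above carried through in code, as an added example that also serves the RSA and symmetric-vs-asymmetric slides; it is not part of the original deck. The asymmetric half is textbook RSA with a freshly generated key pair (no OAEP padding, so it is for illustration only). Because the standard library has no AES, the symmetric half is a stand-in cipher constructed for this example: an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag; a real system would use AES-GCM or ChaCha20-Poly1305 in its place. All function names are this example's own.

```python
import hashlib
import hmac
import math
import secrets

# ---- Step 1 helpers: textbook RSA key pair (constructed demo; no OAEP padding) ----

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full length
        if is_probable_prime(candidate):
            return candidate


def generate_rsa_keypair(bits: int = 1024):
    """Step 1: the recipient creates (public, private) = ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt_int(m: int, public) -> int:
    n, e = public
    if not 0 < m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt_int(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


# ---- Symmetric stand-in: HMAC-SHA256 keystream in counter mode + encrypt-then-MAC tag.
# The stdlib has no AES; a real system would use AES-GCM or ChaCha20-Poly1305 here. ----

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)                                # fresh per message
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: ciphertext was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# ---- Steps 2-7: the hybrid protocol ----

def hybrid_encrypt(recipient_public, data: bytes):
    session_key = secrets.token_bytes(32)                                            # step 2
    encrypted_data = symmetric_encrypt(session_key, data)                            # step 3
    encrypted_key = rsa_encrypt_int(int.from_bytes(session_key, "big"), recipient_public)  # step 4
    return encrypted_key, encrypted_data                                             # step 5


def hybrid_decrypt(recipient_private, encrypted_key: int, encrypted_data: bytes) -> bytes:
    session_key = rsa_decrypt_int(encrypted_key, recipient_private).to_bytes(32, "big")  # step 6
    return symmetric_decrypt(session_key, encrypted_data)                                # step 7
```

The split explains why hybrid schemes are the norm: the slow public-key operation runs once on a 32-byte session key, while the bulk data goes through the fast symmetric cipher. The tag check in `symmetric_decrypt` is what turns a plain stream cipher into something that detects tampering, which encryption alone does not.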
HOMOMORPHIC ENCRYPTION

• It is a form of encryption that allows computations to be performed directly on encrypted data without the need for decryption.
• It enables mathematical operations to be performed on encrypted data, producing an encrypted result that, when decrypted, matches the result of the same operations performed on the plaintext.
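An added example of the property just described, not part of the original slides. It uses the Paillier cryptosystem, a well-known additively homomorphic scheme that the slides do not name: multiplying two ciphertexts yields a ciphertext of the sum, so a server holding only ciphertexts can total them. The primes 61 and 53 are constructed so the arithmetic is small; real keys use primes of 1024 bits or more. The function names are this example's own.

```python
import math
import secrets

# Constructed toy primes so the arithmetic is easy to follow; real keys use
# primes of 1024 bits or more. The scheme is Paillier (additively homomorphic).
P, Q = 61, 53


def _L(x: int, n: int) -> int:
    return (x - 1) // n


def paillier_keygen(p: int = P, q: int = Q):
    """Returns (public, private) = ((n, g), (n, lambda, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)     # lcm(p-1, q-1)
    g = n + 1                                             # standard simple choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (n, lam, mu)


def encrypt(m: int, public) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r: equal plaintexts give different ciphertexts."""
    n, g = public
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(c: int, private) -> int:
    n, lam, mu = private
    return _L(pow(c, lam, n * n), n) * mu % n


def add_encrypted(c1: int, c2: int, public) -> int:
    """Multiplying ciphertexts adds the plaintexts (mod n); nothing is decrypted."""
    n, _ = public
    return c1 * c2 % (n * n)


def scale_encrypted(c: int, k: int, public) -> int:
    """Raising a ciphertext to k multiplies the plaintext by k (mod n)."""
    n, _ = public
    return pow(c, k, n * n)


def encrypted_sum(ciphertexts, public) -> int:
    """What an untrusted server can do: total the values without ever seeing them."""
    total = 1                                   # a (deterministic) encryption of 0
    for c in ciphertexts:
        total = add_encrypted(total, c, public)
    return total


if __name__ == "__main__":
    pub, priv = paillier_keygen()
    salaries = [100, 200, 300]                 # constructed sample values
    total_ct = encrypted_sum([encrypt(v, pub) for v in salaries], pub)
    print("server-side encrypted total decrypts to", decrypt(total_ct, priv))
```

The server in this picture learns neither the individual values nor the total; only the holder of `mu` and `lambda` can open the result. Arithmetic is modulo n, so sums beyond n wrap around, which is one reason real parameters are large.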
DATA ENCRYPTION APPROACHES

THREE PRIMARY ENCRYPTION APPROACHES

• At Rest (data stored)
• In Transit (data in movement)
• End-To-End (across the entire data lifecycle)
ENCRYPTION AT REST

The practice of encrypting data while it is stored or "at rest" in storage devices or databases. It ensures that even if unauthorized access to the physical storage media or the data files is gained, the data remains unreadable and protected.

Related techniques (diagram labels): Full Disk Encryption, File-Level Encryption, Database Encryption, Key Management
ENCRYPTION IN TRANSIT (TRANSPORT LAYER)

• The practice of encrypting data while it is being transmitted

When data is transmitted over networks, it is vulnerable to eavesdropping, interception, or tampering by malicious actors. Encryption in transit uses cryptographic protocols to secure the communication channel and encrypt the data, making it unreadable to anyone without the appropriate decryption key.

Related concepts (diagram labels): Secure Communication Protocols, Encryption Algorithms, Public Key Infrastructure, Perfect Forward Secrecy
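An added example, not from the slides, of what the four diagram labels look like in a TLS client built with Python's `ssl` module: certificate validation against a PKI, hostname checking, a minimum protocol version, and a cipher-suite policy that keeps only ephemeral (EC)DHE key exchange for perfect forward secrecy. A permissive context of the kind found in quick scripts is built alongside so the report function shows the difference. The `ssl` calls are real; the helper names and the report format are this example's own, and no network connection is made.

```python
import ssl


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """Client-side context for encryption in transit.

    create_default_context() already requires a valid certificate chain (the PKI
    part) and checks the hostname. On top of that we refuse anything below TLS 1.2
    and restrict TLS 1.2 suites to (EC)DHE key exchange, so a later key compromise
    cannot decrypt recorded traffic; TLS 1.3 suites are ephemeral by design."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx


def permissive_context() -> ssl.SSLContext:
    """The setting often used to 'make it work': the channel is still encrypted, but
    any certificate is accepted, so an on-path party can terminate the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_report(ctx: ssl.SSLContext) -> dict:
    """Plain-data summary so the settings can be asserted in tests or audit scripts."""
    non_pfs = [c["name"] for c in ctx.get_ciphers()
               if c.get("protocol") != "TLSv1.3"
               and not c["name"].startswith("TLS_")   # TLS 1.3 suite naming
               and "DHE" not in c["name"]]
    return {
        "verifies_certificates": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
        "non_forward_secret_suites": non_pfs,
    }


if __name__ == "__main__":
    # On a real socket: hardened_client_context().wrap_socket(sock, server_hostname="example.com")
    print("hardened:  ", context_report(hardened_client_context()))
    print("permissive:", context_report(permissive_context()))
```

`non_forward_secret_suites` lists TLS 1.2 suites whose key exchange is static RSA; with the hardened policy the list is empty, while the permissive context reports whatever the local OpenSSL default allows.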
END-TO-END

The combination of encryption at rest and encryption in transit. When the data is generated at the source, it is already stored in an encrypted form. Only the encrypted data is sent to the destination, where users with the corresponding decryption keys can convert the ciphertext to plaintext in order to view the original information.

Diagram: Sender → Encrypt → Server (content is encrypted) → Decrypt → Receiver
